Estimate Time5 min

5 actions to take after a data breach

Key takeaways

  • Consider putting a fraud alert on your credit reports or freezing your credit.
  • Sign up for security alerts on your important accounts (e.g., financial institution, cell phone provider, email, and social media), and enable enhanced account protection features like multi-factor authentication. Consider opting in for all security features offered.
  • Review your accounts and your credit reports regularly to look for signs of unusual activity.
  • You don't need to wait for a data breach to enhance your security. Many of these measures can be applied anytime to proactively protect your accounts.

If you’ve been notified that personal information was potentially accessed in a data breach, you might be looking for steps to take to protect yourself.

The good news is that there are proactive steps you can take to help protect yourself after the fact. Even if you don’t believe you’ve been impacted by a data breach, these steps can help you protect your security anytime.

Read on for 5 ways to protect yourself after a data breach, plus 4 more measures you can take anytime to enhance your security.

Fidelity Viewpoints

Sign up for Fidelity Viewpoints weekly email for our latest insights.

5 steps to take following a data breach

1. Try to find out what information may have been stolen.

Loss of sensitive personal information like your Social Security number may require more action than the loss of a credit card number. If those details are not immediately available, one option is to plan for a possible worst-case scenario in which your Social Security number has been compromised.

While a credit card can be canceled and replaced, if your Social Security number is compromised, you may need to closely monitor your credit reports and review your work history with the Social Security Administration. The US Federal Trade Commission (FTC) offers a portal at to help people navigate the process of reporting and recovering from identity theft.

2. Sign up for security features, such as real-time transaction alerts and multi-factor authentication, when offered.

Look for them on your financial, phone, email, social media, and other accounts that have personal information or provide important access.

Multi-factor authentication is a strong defense against the most common types of attacks, because it requires you to verify your identity with something beyond your login ID and password. You may be asked to enter a unique security code sent to your phone or use your biometrics (like facial recognition or a fingerprint) to log in.

Opting in for security alerts with any accounts that offer them can help you respond quickly to suspicious activity. On your financial accounts, these alerts can send you a text or email if your account information is changed or a transaction is initiated with your account. That way, if you receive an alert for an action that you personally did not take, you can notify your institution right away.

3. Request and review your credit reports.

You’re entitled by federal law to a free annual credit report from each of the 3 major credit reporting agencies: Equifax®, Experian®, and TransUnion®. When you check your report, keep an eye out for anything amiss. Consider checking one report every 4 months to keep regular tabs on your credit. If you find any mistakes, from an incorrect address or misspelling to unknown accounts and misreported information, open a dispute with the credit reporting agency. Be sure to include any supporting documentation you may have.

4. Consider freezing your credit or adding a fraud alert to your credit files.

A fraud alert will alert potential lenders and creditors that you may have been a victim of fraud, so that they can take extra steps to confirm your identity before issuing or extending credit. If you initiate a fraud alert with one credit agency, it will send the information to the other 2 agencies. An initial fraud alert will generally stay on your file for 1 year, while an extended fraud alert may last for 7 years.

A credit freeze is another step you could consider taking. It offers stronger protection than a fraud alert, because it prevents lenders from accessing your credit report. However, it means that you will not be able to apply for any new lines of credit, or extend existing lines of credit, unless you lift the freeze. All 3 credit bureaus have free self-service features that allow you to quickly and easily freeze and unfreeze your credit (temporarily or permanently).

5. Review your accounts at least monthly.

Check your bank, investment, and credit card accounts at least once a month and ideally more often than that, and make sure you recognize all transactions.

If you spot something amiss, it’s important to notify the financial institution immediately. How much protection you may have against unauthorized transactions may depend on what type of card was used, how long you take to report the issue, and your financial institution's policies. The FTC provides guidance on the protections federal law offers in limiting your liability.

4 more measures to enhance your security

In addition to the 5 steps above, consider these 4 security measures to help keep you safe in your everyday digital life.

1. Keep an eye on your social media presence.

In the age of social media, identity thieves can glean a lot of information from your social presence. If you're targeted, they may know just enough about you to make their story believable. Keep an eye on your profiles and carefully consider who can see your social media activity.

2. Don't click unknown links in emails, texts, or other electronic messages.

Clicking a suspicious link in an email is the root cause of many successful cyber attacks. It’s called phishing and it’s the reason why it’s critical that you evaluate each and every link you’re asked to click in an email, text, or other message. No reputable institution will ever email you and request your account access credentials.

Vishing is related to phishing. Instead of email, fraudsters call your phone and convince you to give up sensitive personal information or to follow a link they send, which can then upload malware to your device. Anyone can fall for social engineering under the right circumstances. They may tell you things designed to scare you and to make you act quickly, like that your grandchild is in jail or kidnapped, that your bank account has been hacked, or that you're being accused of a crime.

A simple rule to follow is if you’re not expecting the communication, or if it sounds too good to be true, do NOT respond. You can also establish in advance a code word or secret phrase to use with family members to avoid falling for scams. (Read more about ways to help stop scammers and identity thieves.)

3. Use unique, strong passwords.

Use a different password for every application and website. What constitutes a good password? One that is long and hard to guess. Avoid using any personal information, such as your name, birthday, Social Security number, wedding anniversary, or other information that’s easily attained via a search engine or social media.

4. Keep operating systems updated and back up your devices.

Today, most operating systems let you set your preferences to automatically install updates and patches as soon as they are available. That goes for software too, including antivirus protection. Don't forget to update your mobile phones and tablets, and the apps installed on them. You should also consider backing up the data on your devices regularly. If your device is stolen or compromised, it will help you access and restore any information on the device.

Stay safe at Fidelity

Fidelity has an extensive range of safeguards and multiple layers of security in place to protect the security of customers' accounts. By design, some of our protections are visible and some are not. We make many additional security tools available for customers to use, including multi-factor authentication, money transfer lockdown, and transaction alerts. Of course, we also provide a Customer Protection Guarantee for unauthorized activity due to no fault of your own. Visit Fidelity's online customer security site to explore these features and learn more about what Fidelity is doing to help keep your assets safe.

Keep your documents safe—for free

Store, access, and share digital copies of your family's most important documents with FidSafe®.

More to explore

Fidelity does not provide legal or tax advice. The information herein is general in nature and should not be considered legal or tax advice. Consult an attorney or tax professional regarding your specific situation.

Views expressed are as of the date indicated, based on the information available at that time, and may change based on market or other conditions. Unless otherwise noted, the opinions provided are those of the speaker or author and not necessarily those of Fidelity Investments or its affiliates. Fidelity does not assume any duty to update any of the information.

The third parties mentioned herein and Fidelity Investments are independent entities and are not legally affiliated. Third-party marks are the property of their respective owners; all other marks are the property of FMR LLC.

Fidelity Brokerage Services LLC, Member NYSE, SIPC, 900 Salem Street, Smithfield, RI 02917